rpms/sudo/FC-4 sudo-1.6.8p8-safecmd.patch, NONE, 1.1 sudo.spec, 1.24, 1.25
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jun 21 09:11:10 UTC 2005
Author: kzak
Update of /cvs/dist/rpms/sudo/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv27330
Modified Files:
sudo.spec
Added Files:
sudo-1.6.8p8-safecmd.patch
Log Message:
- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
sudo-1.6.8p8-safecmd.patch:
ldap.c | 2 --
parse.yacc | 4 ----
sudo.c | 10 ++--------
sudo.tab.c | 44 ++++++++++++++++++++------------------------
4 files changed, 22 insertions(+), 38 deletions(-)
--- NEW FILE sudo-1.6.8p8-safecmd.patch ---
--- sudo-1.6.8p8/sudo.tab.c.safecmd 2004-08-11 20:29:36.000000000 +0200
+++ sudo-1.6.8p8/sudo.tab.c 2005-06-21 11:13:19.051592608 +0200
@@ -674,7 +674,7 @@
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 890 "parse.yacc"
+#line 886 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
@@ -1740,14 +1740,10 @@
}
yyval.BOOLEAN = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
}
break;
case 61:
-#line 684 "parse.yacc"
+#line 680 "parse.yacc"
{
aliasinfo *aip;
@@ -1779,7 +1775,7 @@
}
break;
case 62:
-#line 713 "parse.yacc"
+#line 709 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
@@ -1807,11 +1803,11 @@
}
break;
case 65:
-#line 744 "parse.yacc"
+#line 740 "parse.yacc"
{ push; }
break;
case 66:
-#line 744 "parse.yacc"
+#line 740 "parse.yacc"
{
if ((MATCHED(host_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
@@ -1822,7 +1818,7 @@
}
break;
case 71:
-#line 762 "parse.yacc"
+#line 758 "parse.yacc"
{
push;
if (printmatches == TRUE) {
@@ -1835,7 +1831,7 @@
}
break;
case 72:
-#line 771 "parse.yacc"
+#line 767 "parse.yacc"
{
if ((MATCHED(cmnd_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
@@ -1850,11 +1846,11 @@
}
break;
case 73:
-#line 785 "parse.yacc"
+#line 781 "parse.yacc"
{ ; }
break;
case 77:
-#line 793 "parse.yacc"
+#line 789 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
@@ -1866,7 +1862,7 @@
}
break;
case 78:
-#line 801 "parse.yacc"
+#line 797 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
@@ -1880,11 +1876,11 @@
}
break;
case 81:
-#line 818 "parse.yacc"
+#line 814 "parse.yacc"
{ push; }
break;
case 82:
-#line 818 "parse.yacc"
+#line 814 "parse.yacc"
{
if ((MATCHED(user_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
@@ -1896,19 +1892,19 @@
}
break;
case 85:
-#line 833 "parse.yacc"
+#line 829 "parse.yacc"
{
SETMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 86:
-#line 836 "parse.yacc"
+#line 832 "parse.yacc"
{
SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 87:
-#line 841 "parse.yacc"
+#line 837 "parse.yacc"
{
if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
@@ -1918,7 +1914,7 @@
}
break;
case 88:
-#line 848 "parse.yacc"
+#line 844 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
@@ -1928,7 +1924,7 @@
}
break;
case 89:
-#line 855 "parse.yacc"
+#line 851 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
@@ -1938,7 +1934,7 @@
}
break;
case 90:
-#line 862 "parse.yacc"
+#line 858 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
@@ -1963,12 +1959,12 @@
}
break;
case 91:
-#line 884 "parse.yacc"
+#line 880 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1920 "sudo.tab.c"
+#line 1916 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
--- sudo-1.6.8p8/parse.yacc.safecmd 2004-08-11 20:29:10.000000000 +0200
+++ sudo-1.6.8p8/parse.yacc 2005-06-21 11:13:19.045593520 +0200
@@ -676,10 +676,6 @@
}
$$ = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
}
| ALIAS {
aliasinfo *aip;
--- sudo-1.6.8p8/ldap.c.safecmd 2004-12-01 04:28:46.000000000 +0100
+++ sudo-1.6.8p8/ldap.c 2005-06-21 11:13:19.043593824 +0200
@@ -278,8 +278,6 @@
/* Match against ALL ? */
if (!strcasecmp(*p,"ALL")) {
ret=1;
- if (safe_cmnd) free (safe_cmnd);
- safe_cmnd=estrdup(user_cmnd);
if (ldap_conf.debug>1) printf(" MATCH!\n");
continue;
}
--- sudo-1.6.8p8/sudo.c.safecmd 2005-06-21 11:13:14.683256696 +0200
+++ sudo-1.6.8p8/sudo.c 2005-06-21 11:13:19.049592912 +0200
@@ -429,6 +429,8 @@
/* Validate the user but don't search for pseudo-commands. */
validated = sudoers_lookup(pwflag);
}
+ if (safe_cmnd == NULL)
+ safe_cmnd = user_cmnd;
/*
* If we are using set_perms_posix() and the stay_setuid flag was not set,
@@ -545,14 +547,6 @@
exit(0);
}
- /* This *must* have been set if we got a match but... */
- if (safe_cmnd == NULL) {
- log_error(MSG_ONLY,
- "internal error, safe_cmnd never got set for %s; %s",
- user_cmnd,
- "please report this error at http://courtesan.com/sudo/bugs/");
- }
-
/* Override user's umask if configured to do so. */
if (def_umask != 0777)
(void) umask(def_umask);
Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/FC-4/sudo.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sudo.spec 15 Jun 2005 17:15:54 -0000 1.24
+++ sudo.spec 21 Jun 2005 09:11:07 -0000 1.25
@@ -4,7 +4,7 @@
Summary: Allows restricted root access for specified users.
Name: sudo
Version: 1.6.8p8
-Release: 2.1
+Release: 2.2
License: BSD
Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -19,6 +19,8 @@
# 154511 â sudo does not use limits.conf
Patch2: sudo-1.6.8p8-pam-sess.patch
+# 161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+Patch3: sudo-1.6.8p8-safecmd.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -39,6 +41,7 @@
%endif
%patch2 -p1 -b .sess
+%patch3 -p1 -b .safecmd
%build
%ifarch s390 s390x
@@ -105,6 +108,9 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Tue Jun 21 2005 Karel Zak <kzak at redhat.com> 1.6.8p8-2.2
+- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+
* Tue May 24 2005 Karel Zak <kzak at redhat.com> 1.6.8p8-2.1
- fix #154511 â sudo does not use limits.conf
More information about the fedora-cvs-commits
mailing list